password policy module

I've committed our implementation of the LDAP Password Policy code, based on
draft-behera-ldap-password-policy-07, more or less. The draft still has a lot
of holes in it, and the code has a few as well, though it should at least
work without segfaulting.
I noticed the distinct need for a function "slap_add_control()" to add a
control to the list of response controls. Currently most code that touches
SlapReply->sr_ctrls assumes it is the only thing setting a control, so things
will break whenever multiple controls are applicable to a single response.
This should be a simple thing to fix.
There's also no convenient way for controls implemented outside of slapd to
assert their presence on an operation like the built-in controls do (e.g.,
op->o_noop). I think maybe a bitmap (op->o_ctrl_ids) would help here, with
each registered control getting its own bit. e.g. something like
int register_supported_control( oid, mask, exops, parsefn, int *ID ) {
...
}
parseFoo(<relevant args>) {
...
op->o_ctrl_ids[ID] = 1;
...
}
There are other issues more specific to the policy code itself, but they'll
have to wait until the spec gets hammered out a bit more.
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.comhttp://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support